deploy¶
The deploy section allows to set various settings around how the container should be deployed, and what compute resources are required to run the service.
For more details on the deploy, see docker documentation for deploy here
At the moment, all keys are not supported, mostly due to the way Fargate by nature is expecting settings to be.
resources¶
The resources allow you to define the CPU/RAM reservations and limits. In AWS ECS, the CPU only has one attribute, so ECS Compose-X will use the highest value of the two if both set.
Once the container definitions have been generated, the CPU and RAM requirements are added up together. From there, it will automatically select the closest valid Fargate CPU/RAM combination and set the parameter for the Task.
Important
CPUs should be set between 0.25 and 4 to be valid for Fargate, otherwise you will have an error.
replicas¶
This setting allows you to define how many tasks should be running for a given service. The value is used to define MicroserviceCount.
labels¶
These labels aren’t used for much in native Docker compose as per the documentation. They are only used for the service, but not for the containers themselves. Which is great for us, as we can then leverage that structure to implement a merge of services.
In AWS ECS, a Task definition is a group of one or more containers which are going to be running as a one task. The most usual use-case for this, is with web applications, which need to have a reverse proxy (ie. nginx) in front of the actual application. But also, if you used the use_xray option, you realized that ECS ComposeX automatically adds the x-ray-daemon sidecar. Equally, when we implement AppMesh, we will also have another side-car container for this.
So, here is the tag that will allow you to merge your reverse proxy or waf (if you used a WAF in container) fronting your web application:
ecs.task.family¶
For example, you would have:
---
# base file for services with the x-keys for BDD
version: '3.8'
secrets:
abcd: {}
john:
x-secrets:
LinksTo:
- EcsExecutionRole
- EcsTaskRole
Name: SFTP/asl-cscs-files-dev
zyx:
x-secrets:
Name: secret/with/kmskey
Lookup:
Tags:
- costcentre: lambda
JsonKeys:
- VarName: ZYX_TEST
SecretKey: test
services:
app01:
logging:
driver: awslogs
options:
awslogs-group: a-custom-name
awslogs-create-group: "true"
sysctls:
- net.core.somaxconn=2048
- net.ipv4.tcp_syncookies=1
cap_add:
- ALL
# env_file: ./use-cases/env-files/dummy.env
deploy:
update_config:
failure_action: rollback
labels:
ecs.task.family: bignicefamily
resources:
reservations:
cpus: '0.25'
memory: 1GB
environment:
LOGLEVEL: DEBUG
SHELLY: /bin/bash
TERMY: screen
image: nginx
volumes:
- type: tmpfs
target: /tmp
tmpfs:
size: 1024
- normal-vol:/var/tmp/shared
- some-volume:/var/anotherpath:ro
links:
- app03:dateteller
ports:
- mode: awsvpc
protocol: tcp
published: 5000
target: 5000
secrets:
- zyx
x-logging:
RetentionInDays: 42
CreateLogGroup: False
x-network:
is_public: False
UseCloudmap: True
Ingress:
Myself: False
AwsSources:
- Type: PrefixList
Id: pl-6da54004
x-iam:
Policies:
- PolicyName: AllowPublishToCw
PolicyDocument:
Statement:
- Action:
- cloudwatch:PutMetricData
Effect: Allow
Resource:
- '*'
Sid: AllowPublishMetricsToCw
x-xray: false
x-scaling:
Range: "1-4"
app02:
depends_on:
- app01
- bignicefamily
# env_file:
# - ./use-cases/env-files/dummy.env
deploy:
update_config:
failure_action: pause
labels:
ecs.task.family: youtoo
replicas: 2
resources:
reservations:
cpus: '0.1'
memory: 64000kB
environment:
LOGLEVEL: DEBUG
healthcheck:
interval: 1m30s
timeout: 10s
start_period: 1h
retries: 3
test:
- CMD
- curl
- localhost:5000/ping
image: nginx
ports:
- mode: awsvpc
protocol: tcp
published: 5000
target: 5000
secrets:
- zyx
volumes:
- source: some-volume
target: /app/data
type: volume
x-iam:
PermissionsBoundary: arn:aws:iam::aws:policy/AdministratorAccess
ManagedPolicyArns:
- arn:aws:iam::aws:policy/AdministratorAccess
x-scaling:
Range: "1-5"
TargetScaling:
CpuTarget: 88
DisableScaleIn: true
x-xray: false
tmpfs: /run
app03:
tmpfs:
- /run
- /tmp
sysctls:
net.core.somaxconn: 1024
net.ipv4.tcp_syncookies: 0
cap_add:
- NET_ADMIN
- SYS_PTRACE
cap_drop:
- SYS_ADMIN
ulimits:
nofile:
soft: 1024
hard: 2048
nproc: 512
x-aws-min_percent: 50
x-aws-max_percent: 150
deploy:
resources:
reservations:
cpus: '0.25'
memory: 134217728b
environment:
LOGLEVEL: DEBUG
image: nginx
ports:
- mode: awsvpc
protocol: tcp
published: 5000
target: 5000
secrets:
- abcd
- zyx
- john
volumes:
- /generated/volume/from/path
- shared-images:/app/images
- some-volume:/app/data:ro
x-network:
Ingress:
Myself: False
ExtSources:
- Ipv4: 0.0.0.0/0
Description: ANYWHERE
x-logging:
RetentionInDays: 30
x-scaling:
Range: 1-10
rproxy:
logging:
driver: awslogs
options:
awslogs-region: us-east-1
depends_on:
- app01
- app02
deploy:
labels:
ecs.task.family: bignicefamily,youtoo
replicas: 1
resources:
limits:
cpus: '0.25'
memory: 64M
reservations:
cpus: '0.1'
memory: 32M
image: nginx
volumes:
- normal-vol:/tmp/shared
ports:
- mode: awsvpc
protocol: tcp
published: 80
target: 80
x-iam:
ManagedPolicyArns:
- arn:aws:iam::aws:policy/ReadOnlyAccess
x-xray: true
x-network:
is_public: False
UseCloudmap: True
volumes:
shared-images: {}
some-volume: {}
normal-vol: {}
x-dns:
PrivateNamespace:
Name: lambda.internal
x-tags:
costcentre: lambda
Warning
The example above illustrates that you can either use, for deploy labels
a list of strings
a dictionary
ecs.depends.condition¶
This label allows to define what condition should this service be monitored under by ECS. Useful when container is set as a dependency to another.
Hint
Allowed values are : START, SUCCESS, COMPLETE, HEALTHY. By default, sets to START, and if you defined healthcheck, defaults to HEALTHY. See Dependency reference for more information